Cloud Contracts – What About Getting Yourself (and your data) out in a Hurry?

September 25, 2013

The recent announcement of pending closure for Nirvanix,[1] a CSP, highlights a number of points that I have often stressed as critical in data assessment prior to cloud usage, cloud vendor assessment, cloud contracting specifically, and data protection and retention in general.These are:

1. “In addition – always (have) a detailed exit protocol with a combination of specific steps, cost structures, and room to negotiate if and where possible.Cloud Vendors offering no exit strategy, or an overly-rigid or convoluted one, should be approached with high caution.”[2]

2. “If you have critical functionalities that have moved completely or almost completely to a cloud-based solution… then it is highly-advisable to have a backup cloud.”[3]

3. Protect and backup your data as per your assessment of the V5 Interplay “…the mix of data volume, velocity, variety, value, and vulnerability that determines the how, where, and how often you back it up; amongst other distinct operations and/or management tasks.”[4]

4. Mature cloud users should be in a state where “Legal counsel sufficiently aware of the Cloud’s advantages and disadvantages to advise you, can draft or review your Cloud Services Agreements, or negotiate them from the outset, if the latter option is actually made available to you by the Vendor.”[5]

To now learn that many large and systemically significant entities in a host of industries have massive amounts of data with this one provider that they are now rushing to remove before the pending shutdown,[6] is quite worrying in terms of Cybersecurity, Cloud best practices, and attendant potential legal liability.

OPTIONS:

Of course, any speculation is pure speculation, as I have no personal knowledge of their arrangements, whether or not these exits are orderly, or if they will be concluded in good time.However, one would expect that:

(i) for the most critical data in that V5 interplay;

(ii) multiple CSPs should have been used;

(iii) offsite backup should not have been automatically discontinued;

(iv) a detailed exit protocol (“cloud emigration”) would have been contractually agreed-upon in advance, with access to the key or contracted staff – including migration/emigration as a service providers or other such specialists;

(v) guaranteed continued availability of staff and data as was already specified in the original SLA; and

(vi) either CSP insurance (as with employment practices insurance, business interruption or business continuity insurance, or some such), a portion of the client fees segregated in advance by lockbox arrangement to pre-fund an orderly exit, or any host of other arrangements to cover those exit costs, would have been specified as preconditions for entering into a cloud services agreement in the first instance, laid-out in detail, mutually agreed, practiced and reviewed for updates from time to time, and enacted as and when needed.

CONCLUSIONS:

This case is quite instructive, and many cloud users will, doubtless, take note and a few pointers for their own contracts (whether as promptly amended or when next renewed), so as to avoid future problems when this kind of situation replicates, or any other foreseeable or unforeseen eventuality causes a similar rumble of thunder to ripple across the Cloud-sphere.They must be able to promptly, securely, and in an organized fashion “rein-in” and “reel-back” their uploaded data from the cloud, without having their own clients and data subjects rain thunder and lightning down on them, for any failure to so do.[7]If their data gets stuck in CSP insolvency wranglings, then a whole host of new twists and turns will develop.

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).See, for example: http://www.ogalaws.com.A writer, blogger, and avid reader, Mr. George is a published author in Environmental Law and Policy (National Security aspects), and has sector experience in healthcare, communications, financial services, real estate, international trade, eCommerce, Cloud, and Outsourcing.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, high stakes, strategic projects (investigations, procurements, and consulting engagements) with multiple stakeholders and multidisciplinary project teams.See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.